Full Report
Solid Edge uses the PS/IGES Parasolid Translator Component, which contains an out-of-bounds read that could be triggered when the application reads files in the IGS file format. If a user is tricked into opening a malicious file with any of the affected products, the application could crash or arbitrary code could potentially be executed. Siemens has released a new version of Solid Edge and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Out of Bounds Read in Solid Edge PS/IGES Parasolid Translator
## CVE Details
- **CVE ID:** CVE-2025-40936
- **CVSS Score:**
  - CVSS v3.1: 7.8 (High)
  - CVSS v4.0: 7.3 (High)
- **CWE:** CWE-125 (Out-of-bounds Read)
## Affected Systems
- **Products:** Siemens Solid Edge
- **Versions:** All versions prior to V226.00 Update 03
- **Configurations:** Systems utilizing the PS/IGES Parasolid Translator Component to process IGS file formats.
## Vulnerability Description
An out-of-bounds read vulnerability exists within the PS/IGES Parasolid Translator component of Solid Edge. The flaw is triggered when the application parses specially crafted IGS (Initial Graphics Exchange Specification) files. Due to insufficient validation of file data, the application may read memory outside of the intended buffer, leading to a memory corruption state.
## Exploitation
- **Status:** PoC availability known (ZDI-CAN-26755); No confirmed reports of exploitation in the wild at the time of publication.
- **Complexity:** Medium (Successful exploitation requires a specifically crafted file).
- **Attack Vector:** Local (User interaction is required to open a malicious file).
## Impact
- **Confidentiality:** High (Potential to leak sensitive information from process memory).
- **Integrity:** High (Potential for arbitrary code execution in the context of the current process).
- **Availability:** High (Can lead to application crash/Denial of Service).
## Remediation
### Patches
- **Solid Edge V226.00:** Update to **V226.00 Update 03** or later.
- Siemens recommends visiting the Siemens Support Center hxxps[://]support[.]sw[.]siemens[.]com/product/246738425/ to download the latest updates.
### Workarounds
- **General Best Practices:** Limit the opening of IGS files from unknown or untrusted sources.
- **Access Control:** Protect network access to devices and ensure they operate within a protected IT environment following Siemens’ operational guidelines.
## Detection
- **Indicators of Compromise:** Application crashes (Access Violations) specifically when processing IGS files.
- **Detection Methods:** Monitor for suspicious child processes spawned by Solid Edge (e.g., cmd.exe or powershell.exe), which may indicate successful code execution. Use file integrity monitoring to ensure translation components have not been tampered with.
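
The crash and child-process monitoring described above, as an added example that is not part of the original report or of any Siemens tooling. It assumes the Solid Edge process image is named `Edge.exe` and that process-creation and crash telemetry has already been normalised into the hypothetical dict fields shown; all sample events are constructed.

```python
import ntpath

# Assumption: image name of the Solid Edge main process; adjust per install.
SOLID_EDGE_IMAGES = {"edge.exe"}
# The two child processes the report gives as examples.
SHELL_IMAGES = {"cmd.exe", "powershell.exe"}
ACCESS_VIOLATION = "0xc0000005"  # Windows STATUS_ACCESS_VIOLATION

def image_name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def opens_igs(command_line):
    """True if a command-line token ends in .igs or .iges."""
    tokens = (command_line or "").lower().replace('"', " ").split()
    return any(t.endswith((".igs", ".iges")) for t in tokens)

def triage(events):
    """Return (severity, reason, pid) for each suspicious event, in order."""
    edge_cmdlines = {}  # pid -> command line of observed Solid Edge processes
    findings = []
    for ev in events:
        name = image_name(ev["image"])
        if ev["type"] == "process_create":
            if name in SOLID_EDGE_IMAGES:
                edge_cmdlines[ev["pid"]] = ev.get("command_line", "")
            elif name in SHELL_IMAGES and ev.get("parent_pid") in edge_cmdlines:
                igs = opens_igs(edge_cmdlines[ev["parent_pid"]])
                findings.append(("critical" if igs else "high",
                                 "shell spawned by Solid Edge", ev["pid"]))
        elif (ev["type"] == "app_crash" and name in SOLID_EDGE_IMAGES
              and ev.get("exception_code") == ACCESS_VIOLATION):
            igs = opens_igs(edge_cmdlines.get(ev["pid"], ""))
            findings.append(("high" if igs else "medium",
                             "access violation in Solid Edge", ev["pid"]))
    return findings

# Constructed sample events and paths (not real telemetry).
EDGE = r"C:\SE\Edge.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4100, "parent_pid": 900, "image": EDGE,
     "command_line": r'Edge.exe "C:\Users\a\Downloads\bracket.igs"'},
    {"type": "app_crash", "pid": 4100, "image": EDGE, "exception_code": "0xc0000005"},
    {"type": "process_create", "pid": 5200, "parent_pid": 900, "image": EDGE,
     "command_line": "Edge.exe"},
    {"type": "process_create", "pid": 5300, "parent_pid": 5200, "image": CMD},
    {"type": "process_create", "pid": 5400, "parent_pid": 900, "image": CMD},
]
```

A file opened through the application's own Open dialog never appears on the command line, so an IGS match raises severity while its absence does not clear an event.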
## References
- **Vendor Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/pdf/ssa-445819[.]pdf
- **Siemens Industrial Security Guidelines:** hxxps[://]www[.]siemens[.]com/cert/operational-guidelines-industrial-security
- **Siemens ProductCERT:** hxxps[://]www[.]siemens[.]com/cert/advisories